add a TsigStatus to the client as well
Bring the server and client sides more in line with each other. For a client we also use TsigStatus() to retrieve the TSIG info.
parent
49f41fb17b
commit
1744a80850
17
client.go
17
client.go
|
@ -24,11 +24,12 @@ type QueryHandler interface {
|
|||
// The RequestWriter interface is used by a DNS query handler to
|
||||
// construct a DNS request.
|
||||
type RequestWriter interface {
|
||||
Write(*Msg)
|
||||
// Write ??
|
||||
Send(*Msg) error
|
||||
Receive() (*Msg, error)
|
||||
Close() error
|
||||
Dial() error
|
||||
TsigStatus() error
|
||||
}
|
||||
|
||||
// hijacked connections...?
|
||||
|
@ -39,7 +40,7 @@ type reply struct {
|
|||
conn net.Conn
|
||||
tsigRequestMAC string
|
||||
tsigTimersOnly bool
|
||||
tsigStatus int
|
||||
tsigStatus error
|
||||
}
|
||||
|
||||
// A Request is a incoming message from a Client.
|
||||
|
@ -281,6 +282,10 @@ func (w *reply) Request() *Msg {
|
|||
return w.req
|
||||
}
|
||||
|
||||
func (w *reply) TsigStatus() error {
|
||||
return w.tsigStatus
|
||||
}
|
||||
|
||||
func (w *reply) Receive() (*Msg, error) {
|
||||
var p []byte
|
||||
m := new(Msg)
|
||||
|
@ -301,13 +306,11 @@ func (w *reply) Receive() (*Msg, error) {
|
|||
if m.IsTsig() {
|
||||
secret := m.Extra[len(m.Extra)-1].(*RR_TSIG).Hdr.Name
|
||||
if _, ok := w.Client().TsigSecret[secret]; !ok {
|
||||
return m, ErrSecret
|
||||
w.tsigStatus = ErrSecret
|
||||
return m, nil
|
||||
}
|
||||
// Need to work on the original message p, as that was used to calculate the tsig.
|
||||
err := TsigVerify(p, w.Client().TsigSecret[secret], w.tsigRequestMAC, w.tsigTimersOnly)
|
||||
if err != nil {
|
||||
return m, err
|
||||
}
|
||||
w.tsigStatus = TsigVerify(p, w.Client().TsigSecret[secret], w.tsigRequestMAC, w.tsigTimersOnly)
|
||||
}
|
||||
return m, nil
|
||||
}
|
||||
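Review bot: Receive() now fails open for any caller that only checks its error return. In the last client.go hunk, both the unknown-key branch (`w.tsigStatus = ErrSecret` then `return m, nil`) and a failed `TsigVerify` hand back the message with a nil error, where the old code returned `ErrSecret` or the verify error. Every caller must now consult `TsigStatus()` before trusting `m`, so the new method should carry that contract in a doc comment, e.g. `// TsigStatus returns the TSIG validation result of the last Receive; it must be checked before the message is trusted.` In the visible lines `w.tsigStatus` is only written inside `if m.IsTsig()`, so an unsigned reply to a signed request appears to leave it nil, or at a stale value from an earlier message. Consider resetting it at the top of Receive and setting a non-nil status when `w.tsigRequestMAC` is non-empty but the reply has no TSIG; the start of Receive is outside the hunk, so a reset may already exist there.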
|
|
|
@ -424,7 +424,8 @@ func (k *RR_DNSKEY) pubKeyRSA() *rsa.PublicKey {
|
|||
// Remainder
|
||||
expo += uint64(keybuf[keyoff])
|
||||
if expo > 2<<31 {
|
||||
// Larger expo than supported
|
||||
// Larger expo than supported.
|
||||
// println("dns: F5 primes (or larger) are not supported")
|
||||
return nil
|
||||
}
|
||||
pubkey.E = int(expo)
|
||||
|
|
|
@ -13,6 +13,7 @@ import (
|
|||
var dnskey *dns.RR_DNSKEY
|
||||
|
||||
func q(w dns.RequestWriter, m *dns.Msg) {
|
||||
// Access this here, w.TsigStatus (for message m?)
|
||||
if err := w.Send(m); err != nil {
|
||||
fmt.Printf("%s\n", err.Error())
|
||||
w.Write(nil)
|
||||
|
|
|
@ -90,7 +90,7 @@ func ListenAndServe(addr string, network string, handler Handler) error {
|
|||
}
|
||||
|
||||
// Start a server on addresss and network speficied. Use the tsig
|
||||
// secrets for Tsig validation.
|
||||
// secrets for Tsig validation.
|
||||
// Invoke handler for any incoming queries.
|
||||
func ListenAndServeTsig(addr string, network string, handler Handler, tsig map[string]string) error {
|
||||
server := &Server{Addr: addr, Net: network, Handler: handler, TsigSecret: tsig}
|
||||
|
@ -321,6 +321,7 @@ func (c *conn) serve() {
|
|||
if _, ok := w.conn.tsigSecret[secret]; !ok {
|
||||
w.tsigStatus = ErrKeyAlg
|
||||
}
|
||||
// Do I *ever* need Tsig.Mac here? Or timersOnly? TODO(mg)
|
||||
w.tsigStatus = TsigVerify(c.request, w.conn.tsigSecret[secret], "", false)
|
||||
}
|
||||
w.req = req
|
||||
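Review bot: The `w.tsigStatus = ErrKeyAlg` set for an unknown key name in serve() is overwritten straight away, because the `w.tsigStatus = TsigVerify(c.request, w.conn.tsigSecret[secret], "", false)` call below it runs unconditionally with the empty string the failed map lookup yields. The status for an unknown key then depends entirely on how TsigVerify treats an empty secret, which is not visible on this page. Since the commit aims to align both sides, mirror the client path: move the verify call into an `else` branch so the unknown-key status survives, and use one error value for the same condition (the client sets `ErrSecret`, the server `ErrKeyAlg`). serve() starts and ends outside the hunk.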
|
|